Provision AWS Lightsail with Ansible


Amazon recently announced a new cloud service, Lightsail, aimed at DigitalOcean, with exactly the same price and node specs. As a heavy DigitalOcean user, I am more than happy to try the alternative provided by AWS. Creating the first instance was not smooth: I only got it created successfully through the AWS SDK after 3 weeks of back-and-forth emails with the support team.


This post is a quick guide to provisioning the instance with Ansible. Before that, some outlines:

Ansible playbook


- hosts: cloud
  gather_facts: False
  tasks:
    # ssh-keyscan records whatever host key each instance presents;
    # it does not authenticate the key.
    - name: Update local known_hosts
      local_action: shell ssh-keyscan -H {{ hostvars[item].ansible_host }} >> ~/.ssh/known_hosts
      with_items: "{{ }}"

    # raw is used because Python is not yet installed on the instance
    - name: Install aptitude
      raw: test ! -e /usr/bin/aptitude && sudo apt-get install -qq aptitude || true

    - name: Install python 2.7
      raw: test ! -e /usr/bin/python && (sudo apt-get update -qq && sudo apt-get install -qq python2.7) || true

    - name: Install letsencrypt
      raw: test ! -e /usr/bin/letsencrypt && (sudo apt-get update -qq && sudo apt-get install -qq letsencrypt) || true

- hosts: cloud
  roles:
    - update-apt
    - user
    - swap

- hosts: cloud
  roles:
    - role: angstwad.docker_ubuntu
      become: yes
      kernel_pkg_state: present





Looking at provision.yml, the first 3 common tasks are pretty straightforward:

Followed by 3 common roles:

I would like to pick the user role as an example:


- name: Ensure user exists
  become: yes
  user:
    name: appuser
    state: present
    shell: /bin/bash
    append: yes
    groups: sudo

- name: Ensure authorized key exists
  become: yes
  authorized_key: user=appuser key="{{ lookup('file', '~/.ssh/') }}"

- name: Copy sudoers
  become: yes
  copy: src=./sudoers dest=/etc/sudoers

This role creates a user appuser in the sudo group for application deployment, so that we don’t need to use the default user ubuntu every time. Make sure you have added the id pub key to the instance’s authorized_keys file.
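
The Copy sudoers task above replaces /etc/sudoers wholesale, and a syntax error in that file can lock users out of sudo. The following is an added example, not part of the original post, that installs the rule as a validated drop-in instead. The file name appuser.sudoers and the path /etc/sudoers.d/appuser are assumptions.

```yaml
# Added example, not from the original post.
# Assumptions: appuser.sudoers is a hypothetical file in the role's files/
# directory holding only appuser's rule; the stock Ubuntu /etc/sudoers is
# left in place and already includes /etc/sudoers.d.

# Before (as in the post): overwrites the main file with no syntax check.
# - name: Copy sudoers
#   become: yes
#   copy: src=./sudoers dest=/etc/sudoers

# After: a drop-in that is only installed if visudo accepts it.
- name: Install sudoers drop-in for appuser
  become: yes
  copy:
    src: appuser.sudoers              # hypothetical file name
    dest: /etc/sudoers.d/appuser      # no dots in the name, or sudo skips the file
    owner: root
    group: root
    mode: "0440"
    validate: /usr/sbin/visudo -cf %s # copy aborts if the check fails

- name: Check the complete sudoers configuration
  become: yes
  command: /usr/sbin/visudo -c
  changed_when: false
```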

The last role installs Docker on the instance. After that, the instance is armed with Docker Engine and you can use any Docker command on it, such as sudo docker or sudo docker-compose.

OK, now we have a provisioned instance, and you can keep building on it like Lego with any application you write. I would suggest using the Ansible docker service as well to deploy your application based on a Docker image.